Identity Aggregator

After reading Robert Scoble’s post on Angry Birds as a serious identity provider, I couldn’t resist writing up my thoughts. Big network solutions will never be big enough to include everyone without alternatives. This is a quick follow-up to an earlier post, Internet Identity is Broken.

Net identity isn’t best served by being part of the biggest network; it’s about inclusion through open protocols. I don’t want to develop for, or see, fifteen log-in buttons. One button will do. Identity aggregators (why limit it to one provider?) can perform the hard middleman job of negotiating credentials with many different services. All providers can set up hooks for a browser to approve connection to their aggregation backend.

Consider the following example. I land at a shiny new service or install a hot new app. My first action is to share my identity with a single button. The service connects to the hooks my ID aggregator has set, contingent on my selection. Now an OAuth-like approval process happens, and all the identities I approve for sharing are relayed to the new service.

That’s it.


  • http://www.pdxbrain.com Tyler

    I’m a huge advocate for RSA keys as identifiers. Anything that uses a domain in identification is logically flawed: #1 because domains expire; #2 because that domain controls your identity (Twitter/Facebook) and they can do whatever they want with it. With RSA keys, on the other hand, only YOU control what you do with your identity, and it’s just a number, so it’s not limited by websites or even the internet. It’s also awesome because ONLY you can sign material proving that you own that key, so it’s 100% resolvable without any central authority.

  • http://www.victusspiritus.com/ Mark Essel

    Excellent decision criteria.

    How do folks “lay claim” to new numbers (who doles them out)?

    How do you get past the adoption hurdle?
    “Hey, just look me up at any service, look me up at
    http://(generic domain)/897bed6539accf9409405fb69a791f2ac3eba515c33da5694026047e616b8f7217571e476a6a1dd729d9aed148ab7eed2bc93fe4e82acb0c7b1c9174fb7282a3.”

    Or is the interface (generic domain)/(nickname), and I authenticate with my private RSA key?

  • http://www.pdxbrain.com Tyler

    In RSA, you generate your own key; the address space is so large that you won’t ever find someone with the same key, so it’s essentially a UUID. When creating a public key, you also create a private key that matches your public key, so you can create signatures to verify your public key. Here is a good article: http://en.wikipedia.org/wiki/RSA

    The best method I have found is to not associate usernames with keys, but instead to let each node pick what name it will call each key. My server has a separate database where you can add an RSA key and a “username”, and it will replace all instances of that key with your specified username.

    It only makes sense that way, since that’s essentially how “real” names work. Your “DNA” (RSA key) is a constant, immutable string of bits, and your name is just something that people call you. My Mom calls me Ty. My Grandpa calls me TJ. You call me Tyler: 3 different names granted by three different entities, and it works because my DNA is constant.